Lucene search
+L

46 matches found

nessus
nessus
added 2026/02/23 12:0 a.m.7 views

Oracle Linux 10 : protobuf (ELSA-2026-3094)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3094 advisory. - Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits Tenable has extracted the preceding description block directly from the Oracle Linux...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References2
nessus
nessus
added 2026/02/19 12:0 a.m.6 views

Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2026-1407)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1407 advisory. A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due t...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References4
veracode
veracode
added 2026/01/28 4:55 a.m.7 views

Denial Of Service (DoS)

Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References21Affected Software1
susecve
susecve
added 2026/01/24 12:24 a.m.4 views

SUSE CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

5.9CVSS5.7AI score0.00613EPSS
Exploits0References15
github
github
added 2026/01/23 3:31 p.m.19 views

protobuf affected by a JSON recursion depth bypass

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/01/23 3:16 p.m.5 views

AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
osv
osv
added 2026/01/23 3:16 p.m.8 views

AZL-75830 CVE-2026-0994 affecting package protobuf for versions less than 25.3-6

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
osv
osv
added 2026/01/23 3:16 p.m.11 views

AZL-76602 CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
osv
osv
added 2026/01/23 3:16 p.m.8 views

AZL-76481 CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/01/23 3:16 p.m.8 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/01/23 2:55 p.m.11 views

CVE-2026-0994 Denial of Service in Python Protobuf

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/23 2:55 p.m.3 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/01/23 2:55 p.m.284 views

CVE-2026-0994

CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References19Affected Software1
cvelist
cvelist
added 2026/01/23 2:55 p.m.37 views

CVE-2026-0994 Denial of Service in Python Protobuf

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS0.00613EPSS
Exploits0References1
osv
osv
added 2026/01/23 2:55 p.m.3 views

CVE-2026-0994 Denial of Service in Python Protobuf

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References21
cnnvd
cnnvd
added 2026/01/23 12:0 a.m.7 views

Google Protobuf security vulnerabilities

Google Protobuf is a data exchange format developed by Google, Inc. of the United States. There is a security vulnerability in Google Protobuf. This vulnerability stems from the google.protobuf.jsonformat.ParseDict function, which can bypass the maxrecursiondepth limit when parsing nested...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References1
nessus
nessus
added 2026/01/23 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/01/01 12:0 a.m.5 views

PT-2026-4468

Name of the Vulnerable Software and Affected Versions google.protobuf affected versions not specified Description A denial-of-service DoS issue exists in the ParseDict function within google.protobuf.json format in Python. The vulnerability occurs because the max recursion depth limit can be...

8.2CVSS5.3AI score0.00613EPSS
Exploits0References337
redhat
redhat
added 2023/05/16 8:59 a.m.10 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01626EPSS
Exploits0References6
redhat
redhat
added 2022/11/08 9:43 a.m.7 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01626EPSS
Exploits0References6
Rows per page
Query Builder